US10616280B2 - Network security system with cognitive engine for dynamic automation - Google Patents

Network security system with cognitive engine for dynamic automation Download PDF

Info

Publication number
US10616280B2
US10616280B2 US15/793,659 US201715793659A US10616280B2 US 10616280 B2 US10616280 B2 US 10616280B2 US 201715793659 A US201715793659 A US 201715793659A US 10616280 B2 US10616280 B2 US 10616280B2
Authority
US
United States
Prior art keywords
network
rules
network security
changes
vulnerabilities
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active, expires
Application number
US15/793,659
Other versions
US20190124114A1 (en
Inventor
Sasidhar Purushothaman
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Bank of America Corp
Original Assignee
Bank of America Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Bank of America Corp filed Critical Bank of America Corp
Priority to US15/793,659 priority Critical patent/US10616280B2/en
Assigned to BANK OF AMERICA CORPORATION reassignment BANK OF AMERICA CORPORATION ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: PURUSHOTHAMAN, SASIDHAR
Publication of US20190124114A1 publication Critical patent/US20190124114A1/en
Application granted granted Critical
Publication of US10616280B2 publication Critical patent/US10616280B2/en
Active legal-status Critical Current
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance or administration or management of packet switching networks
    • H04L41/14Arrangements for maintenance or administration or management of packet switching networks involving network analysis or design, e.g. simulation, network model or planning
    • H04L41/145Arrangements for maintenance or administration or management of packet switching networks involving network analysis or design, e.g. simulation, network model or planning involving simulating, designing, planning or modelling of a network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing packet switching networks
    • H04L43/04Processing of captured monitoring data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing packet switching networks
    • H04L43/08Monitoring based on specific metrics
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing packet switching networks
    • H04L43/50Testing arrangements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433Vulnerability analysis

Abstract

Embodiments of the present invention provide an automated network security system for dynamically managing network security rules. The system uses a cognitive engine to capture network traffic and analyze behavioral data about said network traffic. Based on analysis of the behavioral data, the system may identify one or more vulnerabilities in the network security system and determine one or more changes to the network security rules to remedy the one or more vulnerabilities. The system further uses a robotic process automation system to test, simulate, and implement the one or more changes to the network security rules for the network.

Description

FIELD

The present invention relates to system, methods, and computer program products for an automated network security system for dynamically managing network security rules.

BACKGROUND

Network security systems require frequent updates to the set of rules that manage the flow of network traffic between an internal and external network. Updating said network security systems is a time-consuming and laborious process. In many cases, updates to a network security system occur only after vulnerabilities in the network security system have been identified. Utilizing a cognitive engine and a robotic process automation system to identify vulnerabilities, test updated rules, and update the network security system overcomes these problems.

SUMMARY

The following presents a simplified summary of one or more embodiments of the present invention, in order to provide a basic understanding of such embodiments. This summary is not an extensive overview of all contemplated embodiments, and is intended to neither identify key or critical elements of all embodiments nor delineate the scope of any or all embodiments. Its sole purpose is to present some concepts of one or more embodiments of the present invention in a simplified form as a prelude to the more detailed description that is presented later.

Embodiments of the present invention address the above needs and/or achieve other advantages by providing apparatuses (e.g., a system, computer program product and/or other devices) and methods for an automated network security system for dynamically managing network security rules. The system embodiments may comprise one or more memory devices having computer readable program code stored thereon, a communication device, and one or more processing devices operatively coupled to the one or more memory devices, wherein the one or more processing devices are configured to execute the computer readable program code to carry out the invention. In computer program product embodiments of the invention, the computer program product comprises at least one non-transitory computer readable medium comprising computer readable instructions for carrying out the invention. Computer implemented method embodiments of the invention may comprise providing a computing system comprising a computer processing device and a non-transitory computer readable medium, where the computer readable medium comprises configured computer program instruction code, such that when said instruction code is operated by said computer processing device, said computer processing device performs certain operations to carry out the invention.

For sample, illustrative purposes, system environments will be summarized. The system may comprise receiving a set of rules associated with a network security system of a network. The system may also continuously monitor network traffic to collect behavioral data associated with the network security system. As the system monitors the network traffic, it will also analyze the behavior data to determine one or more vulnerabilities in the set of rules associated with the network security system. Based on its analysis of the behavioral data, the system can determine one or more changes to the set of rules associated with the network security system, wherein the one or more changes remove the one or more vulnerabilities in the set of rules associated with the network security system. Then, the system may generate a model network traffic, wherein the model network traffic is based off of the behavioral data. The system then initiates execution of a robotic process automation system, wherein the robotic process automation system is configured to generate a virtual testing environment for modeling the one or more changes to the set of rules associated with the network security system, wherein the virtual testing environment simulates an operating environment of the network and the network security system. Further, the robotic process automation system is also configured to simulate an operating environment of the network and the network security system, wherein simulating the operating environment comprises simulating the model network traffic in the virtual testing environment.

In additional or alternative embodiments, the system may be further configured to analyze the simulated model network traffic. Based on analyzing the simulated model network traffic, the system can determine that the one or more changes to the set of rules eliminated the one or more vulnerabilities in the network security system. The system may then alter the set of rules to incorporate the one or more changes.

In other embodiments, the system may also be configured to analyze the simulated model network traffic. Based on analyzing the simulated model network traffic, the system can determine that one or more new vulnerabilities in the set of rules associated with the network security system exist, wherein the one or more new vulnerabilities are different from the one or more vulnerabilities previously identified. Then, the system can determine one or more additional changes to the set of rules associated with the network security system, wherein the one or more changes remove the one or more new vulnerabilities in the set of rules associated with the network security system.

In additional or alternative embodiments, the system may be further configured to repeat until no new vulnerabilities are identified in the rules associated with the network security system.

In some embodiments of the invention, the behavioral data described above comprises at least a history of all network traffic (i) received into the network, (ii) sent from the network, and (iii) blocked by the network security system.

In still further embodiments of the invention, the one or more changes to the set of rules associated with the network security system comprises removing an exception from the set of rules.

In still further embodiments, analyzing the behavioral data comprises determining that there was a breach of the network security system.

BRIEF DESCRIPTION OF THE DRAWINGS

Having thus described embodiments of the invention in general terms, reference will now be made to the accompanying drawings, wherein:

FIG. 1 provides a block diagram illustrating a system environment for dynamically managing network security rules, in accordance with embodiments of the invention;

FIG. 2 provides a block diagram depicting a cognitive engine, in accordance with embodiments of the invention;

FIG. 3 provides a block diagram depicting a robotic process automation system, in accordance with embodiments of the invention; and

FIG. 4 provides a flowchart depicting a process for dynamically managing network security rules, in accordance with embodiments of the present invention.

DETAILED DESCRIPTION OF EMBODIMENTS OF THE INVENTION

Embodiments of the invention will now be described more fully hereinafter with reference to the accompanying drawings, in which some, but not all, embodiments of the invention are shows. Indeed, the invention may be embodied in many different forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so that this disclosure will satisfy applicable legal requirements. In the following description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of one or more embodiments. It may be evident; however, that such embodiment(s) may be practiced without these specific details. Like numbers refer to like elements throughout.

As described in greater detail with reference to the figures below, embodiments of the invention as described herein are systems, methods and computer program products that leverage the capabilities of robotic process automation (RPA) to automate tasks used in monitoring and updating a network security system. Robotic process automation may be employed as a highly customized software tool that automates certain tasks that previously required detailed user supervision. However, when coupled with the cognitive capabilities of the network security system as described in more detail herein, the robotic process automation as used in embodiments of the present invention makes updating and monitoring the network security system faster, more efficient, and more accurate.

FIG. 1 depicts a system diagram of an exemplary embodiment in which the present invention may be deployed. As shown in FIG. 1, the system will typically comprise an internal network 10 of user devices 110 in operative connection with a central server 120. The user devices 110 may be physically connected to the central server 110 by any viable electronic transmission means, including but not limited to Ethernet cables, wireless communication means such as Wi-Fi, Bluetooth, 4G LTE, or the like. In some embodiments, the internal network 10 of user devices 110 may be configured as a local area network (LAN). In other embodiments, the internal network may be configured as a wide area network (WAN). Such a configuration may be useful, for example, in embodiments where the internal network 10 of user devices 110 is a computer network belonging to an enterprise that has users spread across a number of disparate geographic locations.

FIG. 1 also depicts the internal network 10 of user devices 110 as connected to a central server 120, such as in a hub and spoke configuration. It should be understood that the central server 120 may actually be one or more servers operatively connected to one another. Alternatively, the user devices may be directly connected to one another by acceptable transmission means as discussed above, thereby eliminating the need for such a central server 120.

The internal network 10 of user devices 110 is also shown as operatively connected through the central server 120 to a network security system 200 As depicted in FIG. 1, the network security system 200 may be a firewall. FIG. 1 depicts a generic firewall, but it should be understood that embodiments of the present invention may employ any type of network security system, such as a packet-filtering firewall, a circuit-level gateway, stateful inspection firewall, application-level gateway, a multilayer inspection firewall, a combination of any of the foregoing, or the like. In some embodiments, the network security system 200 may be placed between the central server 120 and an external network 20 as shown in FIG. 1. However, the network security system may be employed at any point in the system between the user devices 110 and the external network 20. As used herein, the external network 20 may refer to any network located outside of the network security system 200 that communicates with the internal network 10, including but not limited to the Internet, email servers, WANs or LANs operated by an entity not under control of the network security system 200, or the like.

According to embodiments of the invention, the network security system operates according to a defined set of rules that permit or deny certain types of network traffic to flow between the external network 20 and the internal network 10 of user devices 110. In this respect, the rules are configured in such a manner as to allow all desirable network traffic to flow between the user devices 110 and the external network 120 and exclude any network traffic that may be pose a security threat to the network of user devices.

As will be described in more detail in the description of the remaining figures referenced herein, the network security system 200 is comprised of at least a cognitive engine 230 and a robotic process automation system 250. The cognitive engine 230 is responsible for analyzing network traffic and the set of rules associated with the network security system 200 to identify and correct vulnerabilities in the set of rules. As used herein, vulnerabilities in the set of rules associated with the network security system may refer to errors in the set of rules that permit network traffic through the network security system 200 that should be excluded. Examples of network traffic that should be excluded includes malware, viruses, worms, malicious code, certain cookies, spam, blocked websites, and the like. The cognitive engine may use artificial intelligence, machine learning, predictive analytics, and the like in order to identify and correct vulnerabilities in the set of rules associated with the network security system 200.

The robotic process automation system 250 that is part of the network security system 200 works in conjunction with the cognitive engine to test and repair vulnerabilities in the network security system 200. In this regard, the robotic process automation system 230 is able to perform repetitive tasks related to testing and simulating any changes to the set of rules associated with the network security system 200 in a virtual testing environment. Robotic process automation is particularly well suited for performing such tests and simulations because of its unique ability to accomplish specialized tasks quickly and efficiently. As such, and as will be described in more detail herein, the robotic process automation system is able to generate a virtual testing environment, simulate the operating environment (included modeled network traffic) of the network security system 200, and transmit the results to the cognitive engine in a manner that quickly and efficiently allows the system to remedy vulnerabilities in the network security system 200.

FIG. 2 is a more detailed illustration of the cognitive engine 230 that is part of the network security system 200. As shown in FIG. 2, the cognitive engine 230 is comprised of a communication interface 231, a processing device 233, and a memory device 235. Stored on the memory device 235 are a traffic capture module 236, a behavioral analysis module 238, and a model generation module 239. The cognitive engine 230 may additionally comprise a datastore 237. In some embodiments, the above elements may be comprised in a single unit, such as in a server. In other embodiments, the above elements may actually be one or more elements (e.g., one or more memory devices, one or more processing devices, and the like). In yet other embodiments, the elements may be spread across one or more devices or units, such as in a rack of servers.

The communication interface 231 as depicted in FIG. 2 permits the cognitive engine 230 to communicate with other elements of the network security system 200. In this regard, the communication interface may be configured to receive and transmit communications over any means of communication in which network traffic is exchanged, including but not limited to Wi-Fi, Ethernet, DSL, phone-line communication, Bluetooth, wireless communication such as 4G LTE, or the like. Additionally, the communication interface 231 must allow the cognitive engine to interact and send/receive information to the robotic process automation system 250. Such communications may be conducted over any of the channels as described above.

The cognitive engine 230 also comprises one or more processing devices 233. The one or more processing devices 233 is responsible for handling the various tasks the cognitive engine 230 is required to perform. In this regard, the processing device 233 may execute analytical tasks performed by the modules stored on the one or more memory devices 235 as described herein.

As noted, the cognitive engine 230 also includes one or more memory devices 235. The one or more memory devices 235 may further comprise a series of modules that for performing the various tasks required of the cognitive engine 230 in order for the system to work. In particular, the one or more memory devices 235 comprises a traffic capture module 236, behavioral analysis module 238, and a model generation module 239. In accordance with embodiments of the invention, the term “module” with respect to the system may refer to a hardware component of the system, a software component of the system, or a component of the system that includes both hardware and software. As used herein, a module may include one or more modules, where each module may reside in separate pieces of hardware or software.

The traffic capture module 236 is responsible for capturing the network traffic exchanged between the internal network 10 of user devices 110 and the external network 20. The traffic capture module 236 is configured to capture traffic entering the network security system from both the internal network 10 and the external network 20. Moreover, the traffic capture module may be further configured to capture traffic that was prevented from entering or exiting the internal network 10 under the rules associated with the network security system 200. For example, if the rules associated with the network security system 200 prevent certain malicious code from entering the internal network 10 from the external network 20, the traffic capture module may quarantine the excepted malicious code in the datastore 237 or other like storage area.

The cognitive engine also comprises a behavioral analysis module 238. The behavioral analysis module 238 is responsible for analyzing the behavior of the system to identify patterns in the network traffic, determine whether the rules associated with the network security system 200 are adequately routing network traffic (e.g., excluding unwanted traffic such as malicious code and permitting all other traffic to pass), predict future network traffic based on identified patterns, identify vulnerabilities in the rules associated with the network security system 200 (e.g., the behavioral analysis module 238 will look at predicted future network traffic, which may include potential unwanted traffic, and determine that the rules will not exclude the potential unwanted traffic). The behavioral analysis module further can identify one or more changes to the set of rules associated with the network security system 200 that will remedy any vulnerabilities it has identified. As will be discussed in more detail below, the cognitive engine 230 is capable of performing the above functions not only on captured network traffic, but on modeled network traffic as well. In this regard, the cognitive engine is able to determine how one or more changes to the set of rules associated with the network security system 200 will affect modeled network traffic, and whether an additional one or more changes to the set of rules will be needed to remedy remaining vulnerabilities in the network security system 200.

As shown in FIG. 2, the cognitive engine 230 also comprises a model generation module 239. The model generation module is responsible for generating a model in which the system can simulate the operating environment of the network security system 200. This may comprise generating a model network traffic, wherein the model network traffic is based off identified patterns in the network traffic determined by the behavioral analysis module 238. As noted above, the model network traffic will be used in a virtual testing environment to simulate the operating environment of the network security system 200.

FIG. 2 also depicts the cognitive engine 230 comprising a datastore 237. The datastore 237 is used to store the data necessary for the modules described above to perform their prescribed functions. For example, the datastore may hold the network traffic captured by the traffic capture module 236. In this regard, the behavioral analysis module 238 will have access to the captured network traffic in the datastore 237 in order for the behavioral analysis module 238 to identify patterns in the captured network traffic.

As noted above, the network security system 200 comprises a robotic process automation system 250 in addition to the cognitive engine 230. Together, the cognitive engine 230 and the robotic process automation system 250 as described herein provides the system the ability to capture and analyze network traffic, determine patterns in the traffic to generate a model network traffic, make one or more changes to the set of rules associated with the network security system 200, and simulate the one or more changes using the model network traffic. In this regard, the system is able to make changes to correct vulnerabilities in the network security system 200 before those vulnerabilities are identified. Indeed, the dynamic nature of this system allows the system to constantly update, change, or otherwise modify the set of rules associated with the network system without a security breach or other vulnerability having occurred.

The robotic process automation system 250 is illustrated in FIG. 3. As shown in FIG. 3, the robotic process automation system 250 comprises a communication interface 251, processing device 253, and a memory device 255 further comprising a test launch module 256 and a simulation module 258.

The communication interface 251 is similar to the communication interface 230 described above with respect to the cognitive engine 231. Like the cognitive engine 230 communication interface 231, the robotic process automation system 250 communication interface 251 may be configured to communicate via Wi-Fi, Ethernet, DSL, phone-line communication, Bluetooth, wireless communication such as 4G LTE, or the like. The communication interface is primarily responsible for receiving communications from the cognitive engine 230 (e.g., to start a testing simulation) and for transmitting data from simulations and any other processes run by the robotic process automation system 250.

The robotic process automation system 250 also comprises one or more processing devices 253. The one or more processing devices 253 is responsible for handling the various tasks the robotic process automation system 250 is required to perform. In this regard, the processing device 253 may execute the tasks performed by the modules stored on the one or more memory devices 255 as described herein.

As noted, the robotic process automation system 250 also includes one or more memory devices 255. The memory device may further comprise a series of modules for performing the various tasks required of the robotic process automation system 250 in order for the system to work. In particular, the one or more memory devices 255 comprise a test launch module 256 and a simulation module 258.

The test launch module is responsible for generating a virtual testing environment in which the system can simulate network traffic to help determine whether the one or more changes to the set of rules associated with the network security system 200 successfully eliminated the one or more vulnerabilities identified by the behavioral analysis module 238 described above. The virtual testing environment may comprise one or more virtual machines capable of simulating the operating systems of the user devices 110 on the internal network 10, the network security system 200, and the external network 20. In this respect, the system is capable of testing and simulating changes to the one or more rules associated with the network security system 200 in a completely virtual environment, thereby preventing the any introduction of vulnerabilities into the network resulting from testing the one or more changes on the actual network security system 200.

As shown in FIG. 3, the robotic process automation system 250 also comprises a simulation module 258. The simulation module 258 is responsible for simulating the operating environment of the network security system 200 by running the model network traffic received from the model generation module 239 of the cognitive engine 230 in the virtual testing environment. The simulation module 258 may run several different simulations using one or more model network traffics in order to determine whether the one or more changes to the set of rules associated with the network security system 200. The simulation module 258 will also transmit the results of each simulation back to the cognitive engine 230, where it can be stored in the datastore 237 and the analyzed by the behavior analysis module 238.

The robotic process automation system is particularly well suited for performing testing and simulation because it can be platform agnostic and work with any type of network security system 200. In this regard, the robotic process automation system 200 needs only to generate the virtual testing environment and to execute the model network traffic. The robotic process automation system 200 is able to accomplish the above tasks based solely on information it receives from cognitive engine 230.

FIG. 4 is a flowchart illustrating an exemplary embodiment of the invention. At block 410, the system first receives a set of rules associated with a network security system 200. As detailed above, the set of rules associated with the network security system 200 are designed so as to permit or deny certain types of network traffic to flow between an external network 20 and an internal network 10 of user devices 110. In this respect, the set of rules are configured in such a manner so as to allow the internal network 10 and the external network 20 to exchange information, but to exclude traffic that may be deemed a security threat. Such security threats may include security threats that originate from the external network 20, such as malicious code, blocked websites, viruses, worms, illicit content, and the like. Similarly, the set of rules associated with the network security system 200 may be configured to prevent certain types of network traffic originating in the internal network 10 from travelling to the broader external network 20. For example, the set of rules may be configured to block certain confidential materials, unencrypted documents or emails, and the like. The set of rules associated with the network security system may be stored in a datastore in the network security system 200 itself, such as datastore 237 in the cognitive engine 230.

Once the system has the set of rules associated with the network security system 200, the system can begin monitoring the network traffic exchanged between the internal network 10 of user devices 110 and the external network 20. This is depicted at block 420 in FIG. 4. As mentioned above, the traffic capture module 236 in the cognitive engine 230 is responsible for capturing the network traffic exchanged between the internal network 10 and the external network 20. The traffic capture module 236 must be bi-directional, meaning that it is capable of capturing traffic that enters the network security system 200 from both the internal network 10 and the external network 20. The traffic capture module 236 must also be able to capture the network traffic that leaves the network security system 200 so that the behavioral analysis module 238 can determine what traffic has been excluded under the set of rules associated with the network security system 200.

At block 430, the system analyzes behavioral data. As noted above, the behavioral analysis module 238 is responsible for analyzing the behavioral data of the network traffic captured by the traffic capture module 236. In some embodiments of the invention, the behavioral analysis module 238 may use artificial intelligence, machine learning or the like to aid in analyzing the behavior of the network security system 200. In this regard, the system may “learn” how the network security system 200 allows and/or excludes certain types of network traffic based on its set of rules. In addition, the artificial intelligence, machine learning or like system employed by the behavioral analysis module 238 can learn how the set of rules associated with the network security system 200 wrongfully allow and/or exclude certain types of network traffic. For example, the behavioral analysis module 238 may analyze excluded network traffic and compare it to network traffic allowed through the network security system 200. The behavioral analysis module 238 may determine that there is no difference between elements certain excluded traffic and traffic that was allowed, thereby determining that such network traffic was wrongfully excluded. As will be described in more detail below, such an instance may require an update to the set of rules associated with the network security system 200.

In some embodiments, the behavioral analysis module 238 may analyze the behavioral data of the network traffic and determine that a breach of the network security system 200 has occurred. In such embodiments, the behavioral analysis module 238 may determine that certain malicious code, viruses, spam, unauthorized users, or the like were wrongfully allowed from the external network 20 past the network security system 200. Once the system has determined that a breach of the network security system 200 has occurred, the system may respond in any number of ways to limit prevent harm to the internal network 10. For example, the system may automatically shut down all network traffic for a specified amount of time, trigger a notification to certain network administrators that a breach has occurred, quarantine any malicious code that gotten through the network security system 200, or the like.

Similarly, the behavioral analysis module 238 may determine based on its behavioral analysis of network traffic that vulnerabilities exist in the set of rules associated with the network security system. At block 440, the analysis described above is used to determine whether any such vulnerabilities exist in the network security system 200. If the behavioral analysis determines there are no such vulnerabilities (block 441), the system continues to monitor network traffic as described above with reference to block 420. Alternatively, if the system identifies that there are vulnerabilities in the set of rules associated with the network security system (block 442), the system will need to change the set of rules associated with the network security system 200.

At block 450, the system may determine one or more changes to the set of rules associated with the network security system 200 in order to correct or remedy the vulnerabilities identified at block 440. The one or more changes to the set of rules may comprise an entirely new rule to exclude network traffic that the behavioral analysis module 238 has identified may pose a security threat to the internal network 10. Alternatively, the one or more changes may comprise removing one or more rules that the behavioral analysis module 238 has determined are excessive or superfluous.

Once the system has determined one or more changes to the set of rules associated with the network security system 200, the system then generates a model network traffic as depicted at block 460. The model network traffic is generated by the model generation module 239 of the cognitive engine 230 as described above. In embodiments of the invention, the model network traffic is designed to simulate a typical network traffic that the network security system 200 would be expected to encounter. In this regard, the model network traffic allows the system to simulate the network security system 200 with one or more changes to the set of rules using the model network traffic. The model generation module 230 may base the model network traffic off of patterns identified in the network traffic captured by the traffic capture module in order to predict likely future network traffic. Additionally, if the one or more changes to the rules associated with the network security system 200 are designed to correct a specific vulnerability identified in the network security system 200, the model generation module 239 may generate model network traffic that mimics that particular vulnerability. For example, if the one or more changes to the model comprise a new rule designed to prevent a type of malicious code from entering the internal network 10, the model network traffic may include that specific type of malicious code. In this regard, when the robotic process automation system 250 runs simulations using the model network traffic, the system will be able to test whether the one or more changes to the set of rules associated with the network security system 200 adequately block the specific type of malicious code.

At block 470, after the model traffic has been generated, the system next initiates the robotic process automation system 250 described above with reference to FIG. 3. Initiating the robotic process automation system 250 may comprise initiating an executable file that launches the robotic process automation system 250. In some embodiments, initiating the robotic process automation system 250 may further comprise providing the robotic process automation system 250 with the model network traffic and the one or more changes to the set of rules associated with the network security system 200.

As noted above, the robotic process automation system is a customized system tailored to run repetitive simulations in a virtual testing environment mimicking the operating conditions of the network security system 200. As such, the first step for the robotic process automation system 250 to run is to generate the virtual testing environment, as illustrated at block 471. Generating the virtual testing environment may comprise creating one or more virtual machines that simulate the components of the network, including but not limited to the internal network 10 of user devices 110, the network security system 200 with one or more changes to the set of rules determined at block 450, and the external network 20.

At block 472, after the robotic process automation system 250 has generated the virtual testing environment, the robotic process automation system 250 next simulates the operating environment of the network security system 200 by running the model network traffic generated by the model generation module 239 at block 460. In this regard, the robotic process automation system 250 may run several simulations that are designed to emulate the types of network traffic the network security system 200 will be expected to encounter. In the virtual testing environment, the model network traffic will operate according to the same set of rules associated with the network security system 200 as the physical environment will encounter, should the one or more changes to the set of rules go into effect.

At block 473, the robotic process automation system stores the simulated results in the datastore 237 that is part of the cognitive engine 230. Accordingly, the cognitive engine 230 has easy access to the simulated network traffic and can analyze said traffic in order to determine whether the one or more changes to the rules simulated by the robotic process automation system 250 were effective in addressing the one or more vulnerabilities identified at block 440. In some embodiments, the robotic process automation store the simulated results in the datastore in real time (i.e. simulated network traffic will be stored in the datastore 237 while the robotic process automation system 250 is still running simulations). In other embodiments, the robotic process automation system 250 may wait until the simulations are complete before storing the results in the datastore 237.

Once the robotic process automation system 250 has completed it simulations and stored the results in the datastore 237, the cognitive engine 230 once again will analyze the simulated network traffic in the behavioral analysis module 236. At block 480, the behavioral analysis module 236 will identify vulnerabilities in the modeled network security system 200. In this regard, any vulnerabilities may be the same vulnerabilities identified at block 440, indicating that the one or more changes to the set of rules associated with the network security system 200 were ineffective in remedying the vulnerabilities. Alternatively, the system may identify one or more new vulnerabilities caused by the one or more changes to the set of rules. In either event, the system must determine one or more new changes to the set of rules in order to remedy the vulnerabilities identified at block 480. As shown in FIG. 4, at block 481, the system positively identified one or more vulnerabilities based on the simulations run by the robotic process automation system 250. In this case, the system returns to block 450, where it will determine on or more new changes to the set of rules associated with the network security system 200 to remedy the remaining vulnerabilities in the network security system 200. On the other hand, if no vulnerabilities are identified based on the simulations run by the robotic process automation system 250 (block 482), the system will make the one or more changes to the set of rules. Once the changes are made to the set of rules, the system can then return to block 420, where it will continue monitoring network traffic until the system identifies later vulnerabilities in the network security system, at which the above described process will restart.

Although many embodiments of the present invention have just been described above, the present invention may be embodied in many different forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so that this disclosure will satisfy applicable legal requirements. Also, it will be understood that, where possible, any of the advantages, features, functions, devices, and/or operational aspects of any of the embodiments of the present invention described and/or contemplated herein may be included in any of the other embodiments of the present invention described and/or contemplated herein, and/or vice versa. In addition, where possible, any terms expressed in the singular form herein are meant to also include the plural form and/or vice versa, unless explicitly stated otherwise. Accordingly, the terms “a” and/or “an” shall mean “one or more,” even though the phrase “one or more” is also used herein. Like numbers refer to like elements throughout.

As will be appreciated by one of ordinary skill in the art in view of this disclosure, the present invention may include and/or be embodied as an apparatus (including, for example, a system, machine, device, computer program product, and/or the like), as a method (including, for example, a business method, computer-implemented process, and/or the like), or as any combination of the foregoing. Accordingly, embodiments of the present invention may take the form of an entirely business method embodiment, an entirely software embodiment (including firmware, resident software, micro-code, stored procedures in a database, or the like), an entirely hardware embodiment, or an embodiment combining business method, software, and hardware aspects that may generally be referred to herein as a “system.” Furthermore, embodiments of the present invention may take the form of a computer program product that includes a computer-readable storage medium having one or more computer-executable program code portions stored therein. As used herein, a processor, which may include one or more processors, may be “configured to” perform a certain function in a variety of ways, including, for example, by having one or more general-purpose circuits perform the function by executing one or more computer-executable program code portions embodied in a computer-readable medium, and/or by having one or more application-specific circuits perform the function.

It will be understood that any suitable computer-readable medium may be utilized. The computer-readable medium may include, but is not limited to, a non-transitory computer-readable medium, such as a tangible electronic, magnetic, optical, electromagnetic, infrared, and/or semiconductor system, device, and/or other apparatus. For example, in some embodiments, the non-transitory computer-readable medium includes a tangible medium such as a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), a compact disc read-only memory (CD-ROM), and/or some other tangible optical and/or magnetic storage device. In other embodiments of the present invention, however, the computer-readable medium may be transitory, such as, for example, a propagation signal including computer-executable program code portions embodied therein. In some embodiments, memory may include volatile memory, such as volatile random access memory (RAM) having a cache area for the temporary storage of information. Memory may also include non-volatile memory, which may be embedded and/or may be removable. The non-volatile memory may additionally or alternatively include an EEPROM, flash memory, and/or the like. The memory may store any one or more of pieces of information and data used by the system in which it resides to implement the functions of that system.

One or more computer-executable program code portions for carrying out operations of the present invention may include object-oriented, scripted, and/or unscripted programming languages, such as, for example, Java, Perl, Smalltalk, C++, SAS, SQL, Python, Objective C, JavaScript, and/or the like. In some embodiments, the one or more computer-executable program code portions for carrying out operations of embodiments of the present invention are written in conventional procedural programming languages, such as the “C” programming languages and/or similar programming languages. The computer program code may alternatively or additionally be written in one or more multi-paradigm programming languages, such as, for example, F #.

Some embodiments of the present invention are described herein with reference to flowchart illustrations and/or block diagrams of apparatus and/or methods. It will be understood that each block included in the flowchart illustrations and/or block diagrams, and/or combinations of blocks included in the flowchart illustrations and/or block diagrams, may be implemented by one or more computer-executable program code portions. These one or more computer-executable program code portions may be provided to a processor of a general purpose computer, special purpose computer, and/or some other programmable data processing apparatus in order to produce a particular machine, such that the one or more computer-executable program code portions, which execute via the processor of the computer and/or other programmable data processing apparatus, create mechanisms for implementing the steps and/or functions represented by the flowchart(s) and/or block diagram block(s).

The one or more computer-executable program code portions may be stored in a transitory and/or non-transitory computer-readable medium (e.g., a memory or the like) that can direct, instruct, and/or cause a computer and/or other programmable data processing apparatus to function in a particular manner, such that the computer-executable program code portions stored in the computer-readable medium produce an article of manufacture including instruction mechanisms which implement the steps and/or functions specified in the flowchart(s) and/or block diagram block(s).

The one or more computer-executable program code portions may also be loaded onto a computer and/or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer and/or other programmable apparatus. In some embodiments, this produces a computer-implemented process such that the one or more computer-executable program code portions which execute on the computer and/or other programmable apparatus provide operational steps to implement the steps specified in the flowchart(s) and/or the functions specified in the block diagram block(s). Alternatively, computer-implemented steps may be combined with, and/or replaced with, operator- and/or human-implemented steps in order to carry out an embodiment of the present invention.

While certain exemplary embodiments have been described and shown in the accompanying drawings, it is to be understood that such embodiments are merely illustrative of and not restrictive on the broad invention, and that this invention not be limited to the specific constructions and arrangements shown and described, since various other changes, combinations, omissions, modifications and substitutions, in addition to those set forth in the above paragraphs, are possible. Those skilled in the art will appreciate that various adaptations, modifications, and combinations of the just described embodiments can be configured without departing from the scope and spirit of the invention. Therefore, it is to be understood that, within the scope of the appended claims, the invention may be practiced other than as specifically described herein.

Claims (14)

What is claimed is:
1. An automated network security system for dynamically managing network security rules, the system comprising:
one or more processor components;
one or more memory components operatively coupled to the one or more processor components;
computer programmable instructions stored on the one or more memory components and configured to cause the one or more processor components to:
receive a set of rules associated with a network security system of a network;
continuously monitor network traffic to collect behavioral data associated with the network security system, wherein the behavioral data comprises at least: a history of all network traffic: (i) received into the network, (ii) sent from the network, and (iii) blocked by the network security system;
analyze the behavioral data to determine one or more vulnerabilities in the set of rules associated with the network security system;
determine one or more changes to the set of rules associated with the network security system, wherein the one or more changes are configured to remove the one or more vulnerabilities in the set of rules associated with the network security system, wherein the one or more changes further comprises:
adding at least one new rule to the set of rules designed to exclude network traffic posing a security threat; and
removing at least one existing rule from the set of rules that is excessive;
generate a model network traffic, wherein the model network traffic is designed to mimic the one or more vulnerabilities in the set of rules associated with the network security system;
initiate execution of a robotic process automation system, wherein the robotic process automation script is configured to:
generate a virtual testing environment for modeling the one or more changes to the set of rules associated with the network security system, wherein the virtual testing environment simulates an operating environment of the network and the network security system; and
simulate an operating environment of the network and the network security system, wherein simulating the operating environment comprises simulating the model network traffic in the virtual testing environment;
analyze the simulated model network traffic;
determine, based on analyzing the simulated model network traffic, that one or more new vulnerabilities in the set of rules associated with the network security system exist, wherein the one or more new vulnerabilities are different from the one or more vulnerabilities previously identified; and
determine one or more additional changes to the set of rules associated with the network security system, wherein the one or more changes remove the one or more new vulnerabilities in the set of rules associated with the network security system.
2. The automated network security system of claim 1, wherein the system is further configured to:
analyze the simulated model network traffic;
determine, based on analyzing the simulated model network traffic, that the one or more changes to the set of rules eliminated the one or more vulnerabilities in the network security system;
alter the set of rules to incorporate the one or more changes.
3. The system of claim 1, wherein the system is further configured to repeat until no new vulnerabilities are identified in the rules associated with the network security system.
4. The system of claim 1, wherein the one or more changes to the set of rules associated with the network security system comprises removing an exception from the set of rules.
5. The system of claim 1, wherein analyzing the behavioral data comprises determining that there was a breach of the network security system.
6. A computer program product for dynamically managing network security rules, the computer program product comprising at least one non-transitory computer readable medium comprising computer readable instructions, the instructions comprising instructions for:
receiving a set of rules associated with a network security system of a network;
continuously monitor network traffic to collect behavioral data associated with the network security system, wherein the behavioral data comprises at least: a history of all network traffic: (i) received into the network, (ii) sent from the network, and (iii) blocked by the network security system;
analyzing the behavioral data to determine one or more vulnerabilities in the set of rules associated with the network security system;
determining one or more changes to the set of rules associated with the network security system, wherein the one or more changes are configured to remove the one or more vulnerabilities in the set of rules associated with the network security system, wherein the one or more changes further comprises:
adding at least one new rule to the set of rules designed to exclude network traffic posing a security threat; and
removing at least one existing rule from the set of rules that is excessive;
generating a model network traffic, wherein the model network traffic is designed to mimic the one or more vulnerabilities in the set of rules associated with the network security system;
initiating execution of a robotic process automation system, wherein the robotic process automation script is configured to:
generating a virtual testing environment for modeling the one or more changes to the set of rules associated with the network security system, wherein the virtual testing environment simulates an operating environment of the network and the network security system; and
simulating an operating environment of the network and the network security system, wherein simulating the operating environment comprises simulating the model network traffic in the virtual testing environment;
analyzing the simulated model network traffic;
determining, based on analyzing the simulated model network traffic, that one or more new vulnerabilities in the set of rules associated with the network security system exist, wherein the one or more new vulnerabilities are different from the one or more vulnerabilities previously identified; and
determining one or more additional changes to the set of rules associated with the network security system, wherein the one or more changes remove the one or more new vulnerabilities in the set of rules associated with the network security system.
7. The computer program product of claim 6, wherein the computer readable instructions further comprise instructions for:
analyzing the simulated model network traffic;
determining, based on analyzing the simulated model network traffic, that the one or more changes to the set of rules eliminated the one or more vulnerabilities in the network security system;
altering the set of rules to incorporate the one or more changes.
8. The computer program product of claim 6, wherein the computer readable instructions further comprise instructions for repeating until no new vulnerabilities are identified in the rules associated with the network security system.
9. The computer program product of claim 6, wherein the one or more changes to the set of rules associated with the network security system comprises removing an exception from the set of rules.
10. The computer program product of claim 6, wherein analyzing the behavioral data comprises determining that there was a breach of the network security system.
11. A computer implemented method for dynamically managing network security rules, the computer implemented method comprising:
providing a computing system comprising a computer processing device and a non-transitory computer readable medium, where the computer readable medium comprises configured computer program instruction code, such that when said instruction code is operated by said computer processing device, said computer processing device performs the following operations: receiving a set of rules associated with a network security system of a network;
continuously monitoring network traffic to collect behavioral data associated with the network security system, wherein the behavioral data comprises at least: a history of all network traffic: (i) received into the network, (ii) sent from the network, and (iii) blocked by the network security system;
analyzing the behavioral data to determine one or more vulnerabilities in the set of rules associated with the network security system;
determining one or more changes to the set of rules associated with the network security system, wherein the one or more changes are configured to remove the one or more vulnerabilities in the set of rules associated with the network security system, wherein the one or more changes further comprises:
adding at least one new rule to the set of rules designed to exclude network traffic posing a security threat; and
removing at least one existing rule from the set of rules that is excessive;
generating a model network traffic, wherein the model network traffic is designed to mimic the one or more vulnerabilities in the set of rules associated with the network security system;
initiating execution of a robotic process automation system, wherein the robotic process automation script is configured to:
generating a virtual testing environment for modeling the one or more changes to the set of rules associated with the network security system, wherein the virtual testing environment simulates an operating environment of the network and the network security system; and
simulating an operating environment of the network and the network security system, wherein simulating the operating environment comprises simulating the model network traffic in the virtual testing environment;
analyzing the simulated model network traffic;
determining, based on analyzing the simulated model network traffic, that one or more new vulnerabilities in the set of rules associated with the network security system exist, wherein the one or more new vulnerabilities are different from the one or more vulnerabilities previously identified; and
determining one or more additional changes to the set of rules associated with the network security system, wherein the one or more changes remove the one or more new vulnerabilities in the set of rules associated with the network security system.
12. The computer implemented method of claim 11, the method further comprising:
analyzing the simulated model network traffic;
determining, based on analyzing the simulated model network traffic, that the one or more changes to the set of rules eliminated the one or more vulnerabilities in the network security system;
altering the set of rules to incorporate the one or more changes.
13. The computer implemented method of claim 11, wherein the computer readable instructions further comprise instructions for repeating until no new vulnerabilities are identified in the rules associated with the network security system.
14. The computer implemented method of claim 11, wherein the one or more changes to the set of rules associated with the network security system comprises removing an exception from the set of rules.
US15/793,659 2017-10-25 2017-10-25 Network security system with cognitive engine for dynamic automation Active 2038-04-20 US10616280B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US15/793,659 US10616280B2 (en) 2017-10-25 2017-10-25 Network security system with cognitive engine for dynamic automation

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US15/793,659 US10616280B2 (en) 2017-10-25 2017-10-25 Network security system with cognitive engine for dynamic automation
US16/777,455 US20200169585A1 (en) 2017-10-25 2020-01-30 Network security system with cognitive engine for dynamic automation

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US16/777,455 Continuation US20200169585A1 (en) 2017-10-25 2020-01-30 Network security system with cognitive engine for dynamic automation

Publications (2)

Publication Number Publication Date
US20190124114A1 US20190124114A1 (en) 2019-04-25
US10616280B2 true US10616280B2 (en) 2020-04-07

Family

ID=66170277

Family Applications (2)

Application Number Title Priority Date Filing Date
US15/793,659 Active 2038-04-20 US10616280B2 (en) 2017-10-25 2017-10-25 Network security system with cognitive engine for dynamic automation
US16/777,455 Pending US20200169585A1 (en) 2017-10-25 2020-01-30 Network security system with cognitive engine for dynamic automation

Family Applications After (1)

Application Number Title Priority Date Filing Date
US16/777,455 Pending US20200169585A1 (en) 2017-10-25 2020-01-30 Network security system with cognitive engine for dynamic automation

Country Status (1)

Country Link
US (2) US10616280B2 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10616280B2 (en) 2017-10-25 2020-04-07 Bank Of America Corporation Network security system with cognitive engine for dynamic automation
US10659482B2 (en) * 2017-10-25 2020-05-19 Bank Of America Corporation Robotic process automation resource insulation system
US10606687B2 (en) 2017-12-04 2020-03-31 Bank Of America Corporation Process automation action repository and assembler
US10819730B2 (en) * 2017-12-05 2020-10-27 International Business Machines Corporation Automatic user session profiling system for detecting malicious intent
US10764290B2 (en) * 2018-08-23 2020-09-01 Accenture Global Solutions Limited Governed access to RPA bots

Citations (125)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5907709A (en) 1996-02-08 1999-05-25 Inprise Corporation Development system with methods for detecting invalid use and management of resources and memory at runtime
US20020184528A1 (en) * 2001-04-12 2002-12-05 Shevenell Michael P. Method and apparatus for security management via vicarious network devices
US20030046583A1 (en) * 2001-08-30 2003-03-06 Honeywell International Inc. Automated configuration of security software suites
US20040030931A1 (en) 2002-08-12 2004-02-12 Chamandy Alexander G. System and method for providing enhanced network security
US6738908B1 (en) * 1999-05-06 2004-05-18 Watchguard Technologies, Inc. Generalized network security policy templates for implementing similar network security policies across multiple networks
US20040168173A1 (en) 1999-11-15 2004-08-26 Sandia National Labs Method and apparatus providing deception and/or altered execution of logic in an information system
US6826698B1 (en) 2000-09-15 2004-11-30 Networks Associates Technology, Inc. System, method and computer program product for rule based network security policies
US6829585B1 (en) 2000-07-06 2004-12-07 General Electric Company Web-based method and system for indicating expert availability
US20050044418A1 (en) * 2003-07-25 2005-02-24 Gary Miliefsky Proactive network security system to protect against hackers
US20050076237A1 (en) 2002-10-03 2005-04-07 Sandia National Labs Method and apparatus providing deception and/or altered operation in an information system operating system
US20050166072A1 (en) 2002-12-31 2005-07-28 Converse Vikki K. Method and system for wireless morphing honeypot
US20060048218A1 (en) 2004-09-02 2006-03-02 International Business Machines Corporation System and method for on-demand dynamic control of security policies/rules by a client computing device
US20060090136A1 (en) * 2004-10-01 2006-04-27 Microsoft Corporation Methods and apparatus for implementing a virtualized computer system
US20060191010A1 (en) * 2005-02-18 2006-08-24 Pace University System for intrusion detection and vulnerability assessment in a computer network using simulation and machine learning
US7120647B2 (en) 2001-10-30 2006-10-10 General Electric Company Web-based method and system for providing expert information on selected matters
US20070016945A1 (en) 2005-07-15 2007-01-18 Microsoft Corporation Automatically generating rules for connection security
US7174563B1 (en) * 1997-12-08 2007-02-06 Entrust, Limited Computer network security system and method having unilateral enforceable security policy provision
US20070143847A1 (en) 2005-12-16 2007-06-21 Kraemer Jeffrey A Methods and apparatus providing automatic signature generation and enforcement
US7260844B1 (en) * 2003-09-03 2007-08-21 Arcsight, Inc. Threat detection in a network security system
US7383578B2 (en) 2002-12-31 2008-06-03 International Business Machines Corporation Method and system for morphing honeypot
US20080168425A1 (en) 2007-01-05 2008-07-10 Microsoft Corporation Software testing techniques for stack-based environments
US7426654B2 (en) 2005-04-14 2008-09-16 Verizon Business Global Llc Method and system for providing customer controlled notifications in a managed network services system
US7431202B1 (en) 2004-03-17 2008-10-07 Clifford Anthony Meador System and method to monitor credit card transactions
US7607066B2 (en) 2002-06-26 2009-10-20 Microsoft Corporation Auto suggestion of coding error correction
US7626938B1 (en) 2005-03-31 2009-12-01 Marvell Israel (M.I.S.L) Ltd. Local area network switch using control plane packet mirroring to support multiple network traffic analysis devices
US7680809B2 (en) 2004-03-31 2010-03-16 Google Inc. Profile based capture component
US7685067B1 (en) 1999-05-14 2010-03-23 Amazon.Com, Inc. Computer-assisted funds transfer system
US7752554B2 (en) 2006-10-05 2010-07-06 Microsoft Corporation Bot identification and control
US20100223327A1 (en) 2009-03-02 2010-09-02 Realnetworks, Inc. Re-headerer system and method
US7861252B2 (en) 2001-03-21 2010-12-28 Andrzej Uszok Intelligent software agent system architecture
US7882394B2 (en) 2005-07-11 2011-02-01 Brooks Automation, Inc. Intelligent condition-monitoring and fault diagnostic system for predictive maintenance
US7937624B2 (en) 2005-04-18 2011-05-03 Research In Motion Limited Method for handling a detected error in a script-based application
US7954143B2 (en) 2006-11-13 2011-05-31 At&T Intellectual Property I, Lp Methods, network services, and computer program products for dynamically assigning users to firewall policy groups
US20110131644A1 (en) * 2000-08-25 2011-06-02 Keanini Timothy D Network security system having a device profiler communicatively coupled to a traffic monitor
US7966654B2 (en) 2005-11-22 2011-06-21 Fortinet, Inc. Computerized system and method for policy-based content filtering
US7966655B2 (en) 2006-06-30 2011-06-21 At&T Intellectual Property Ii, L.P. Method and apparatus for optimizing a firewall
US7966659B1 (en) 2006-04-18 2011-06-21 Rockwell Automation Technologies, Inc. Distributed learn mode for configuring a firewall, security authority, intrusion detection/prevention devices, and the like
US7973508B2 (en) 2007-12-10 2011-07-05 XyZ Automation Inc. Automation systems diagnostics and predictive failure detection
US8065719B2 (en) 2005-04-08 2011-11-22 At&T Intellectual Property Ii, L.P. Method and apparatus for reducing firewall rules
US8082471B2 (en) 2007-05-11 2011-12-20 Microsoft Corporation Self healing software
US8099774B2 (en) 2006-10-30 2012-01-17 Microsoft Corporation Dynamic updating of firewall parameters
US8171406B1 (en) 2009-08-19 2012-05-01 Symantec Corporation Automating user interface navigation
US8239674B2 (en) 2006-11-21 2012-08-07 Kabushiki Kaisha Toshiba System and method of protecting files from unauthorized modification or deletion
US8285652B2 (en) 2008-05-08 2012-10-09 Microsoft Corporation Virtual robot integration with search
US8285643B2 (en) 2008-06-12 2012-10-09 Monncello Enterprises, LLC System and method for processing gift cards
US8397282B2 (en) 2004-03-10 2013-03-12 Rpx Corporation Dynamically adaptive network firewalls and method, system and computer program product implementing same
US8407670B2 (en) 2006-06-02 2013-03-26 Microsoft Corporation Collaborative code conflict detection, notification and resolution
US8418240B2 (en) 2007-12-26 2013-04-09 Algorithmic Security (Israel) Ltd. Reordering a firewall rule base according to usage statistics
US8448139B2 (en) 2009-10-05 2013-05-21 International Business Machines Corporation Automatic correction of application based on runtime behavior
US8508336B2 (en) 2008-02-14 2013-08-13 Proxense, Llc Proximity-based healthcare management system with automatic access to private information
US8515958B2 (en) 2009-07-28 2013-08-20 Fti Consulting, Inc. System and method for providing a classification suggestion for concepts
US20130227697A1 (en) * 2012-02-29 2013-08-29 Shay ZANDANI System and method for cyber attacks analysis and decision support
US8549643B1 (en) 2010-04-02 2013-10-01 Symantec Corporation Using decoys by a data loss prevention system to protect against unscripted activity
US8566169B2 (en) 2011-07-15 2013-10-22 Bank Of America Corporation Virtual gift card
US8572733B1 (en) 2005-07-06 2013-10-29 Raytheon Company System and method for active data collection in a network security system
US8588767B2 (en) 2011-03-31 2013-11-19 Fujitsu Limited Mobile terminal device, self-diagnosis method and non-transitory, computer readable storage medium
US8700414B2 (en) 2004-12-29 2014-04-15 Sap Ag System supported optimization of event resolution
US8745698B1 (en) 2009-06-09 2014-06-03 Bank Of America Corporation Dynamic authentication engine
US8751559B2 (en) 2008-09-16 2014-06-10 Microsoft Corporation Balanced routing of questions to experts
US20140181968A1 (en) 2012-12-20 2014-06-26 At&T Intellectual Property I, L.P. Monitoring Operational Activities In Networks And Detecting Potential Network Intrusions And Misuses
US8793578B2 (en) 2011-07-11 2014-07-29 International Business Machines Corporation Automating execution of arbitrary graphical interface applications
US8819825B2 (en) 2006-05-31 2014-08-26 The Trustees Of Columbia University In The City Of New York Systems, methods, and media for generating bait information for trap-based defenses
US8849907B1 (en) 2006-03-31 2014-09-30 Rockstar Consortium Us Lp System and method for notifying participants of topics in an ongoing meeting or conference
US20140359708A1 (en) 2013-06-01 2014-12-04 General Electric Company Honeyport active network security
US8935673B1 (en) 2012-11-30 2015-01-13 Cadence Design Systems, Inc. System and method for debugging computer program based on execution history
US8955743B1 (en) 1998-04-17 2015-02-17 Diebold Self-Service Systems Division Of Diebold, Incorporated Automated banking machine with remote user assistance
US8976697B2 (en) 2012-12-17 2015-03-10 Broadcom Corporation Network status mapping
US9021419B2 (en) 2013-02-15 2015-04-28 Oracle International Corporation System and method for supporting intelligent design pattern automation
US9024993B2 (en) 2006-03-31 2015-05-05 Rpx Clearinghouse Llc System and method for automatically managing participation at a meeting or conference
US9088543B2 (en) 2013-06-03 2015-07-21 International Business Machines Corporation Coordinated network security management
US20150213369A1 (en) 2002-10-21 2015-07-30 Rockwell Automation Technologies, Inc. System and methodology providing automation security analysis and network intrusion protection in an industrial environment
US9105143B1 (en) 2009-03-30 2015-08-11 Bank Of America Corporation Persistent authentication
US9135615B1 (en) 2014-08-18 2015-09-15 Aurus, Inc. Systems and methods for processing payment transactions at fuel dispensing stations
US9183106B2 (en) 2006-01-13 2015-11-10 Dell Products L.P. System and method for the automated generation of events within a server environment
US9195739B2 (en) 2009-02-20 2015-11-24 Microsoft Technology Licensing, Llc Identifying a discussion topic based on user interest information
US9201646B2 (en) 2013-01-05 2015-12-01 Vmware, Inc. Automatic code review and code reviewer recommendation
US9215213B2 (en) 2014-02-20 2015-12-15 Nicira, Inc. Method and apparatus for distributing firewall rules
US9216509B2 (en) 2014-04-10 2015-12-22 Smartvue Corporation Systems and methods for automated cloud-based analytics for security and/or surveillance
US20160006755A1 (en) * 2013-02-22 2016-01-07 Adaptive Mobile Security Limited Dynamic Traffic Steering System and Method in a Network
US20160048502A1 (en) 2014-08-18 2016-02-18 Wells Fargo Bank, N.A. Sentiment Management System
US9280406B2 (en) 2009-10-05 2016-03-08 International Business Machines Corporation Automatic correction of application based on runtime behavior
US9311632B1 (en) 2015-03-03 2016-04-12 Bank Of America Corporation Proximity-based notification of a previously abandoned and pre-queued ATM transaction
US20160134653A1 (en) * 2014-11-11 2016-05-12 Goldman, Sachs & Co. Synthetic Cyber-Risk Model For Vulnerability Determination
US9356942B1 (en) 2012-03-05 2016-05-31 Neustar, Inc. Method and system for detecting network compromise
US9378064B2 (en) 2012-11-15 2016-06-28 Bank Of America Corporation Orchestration management of information technology
US9383973B2 (en) 2011-06-29 2016-07-05 Microsoft Technology Licensing, Llc Code suggestions
US9451056B2 (en) 2012-06-29 2016-09-20 Avaya Inc. Method for mapping packets to network virtualization instances
US9450901B1 (en) 2015-03-25 2016-09-20 Pypestream Inc. Channel based communication and transaction system
US9462013B1 (en) 2015-04-29 2016-10-04 International Business Machines Corporation Managing security breaches in a networked computing environment
US9471474B2 (en) 2013-08-19 2016-10-18 Microsoft Technology Licensing, Llc Cloud deployment infrastructure validation engine
US20160335016A1 (en) 2015-05-13 2016-11-17 Bank Of America Corporation Securing physical-storage-media data transfers
US9530129B2 (en) 2006-10-25 2016-12-27 Payfont Limited Secure authentication and payment system
US9555544B2 (en) 2015-07-02 2017-01-31 Accenture Global Solutions Limited Robotic process automation
US9600456B2 (en) 2011-08-30 2017-03-21 Hewlett-Packard Development Company, L.P. Automatically performing a web service operation
US9626721B2 (en) 2015-03-31 2017-04-18 Paypal, Inc. Wireless beacon connections for providing digital letters of credit on detection of a user at a location
US9632771B2 (en) 2012-12-13 2017-04-25 Microsoft Technology Licensing, Llc Association of metadata with source code and applications and services premised thereon
US9641544B1 (en) * 2015-09-18 2017-05-02 Palo Alto Networks, Inc. Automated insider threat prevention
US9647968B2 (en) 2015-03-25 2017-05-09 Pypestream Inc Systems and methods for invoking chatbots in a channel based communication system
US9660959B2 (en) 2013-07-31 2017-05-23 International Business Machines Corporation Network traffic analysis to enhance rule-based network security
US9667596B2 (en) 2014-06-04 2017-05-30 Bank Of America Corporation Firewall policy comparison
US9665467B2 (en) 2015-06-30 2017-05-30 International Business Machines Corporation Error and solution tracking in a software development environment
US9686186B2 (en) 2015-04-22 2017-06-20 Cisco Technology, Inc. Traffic flow identifiers resistant to traffic analysis
US20170177416A1 (en) 2015-12-21 2017-06-22 International Business Machines Corporation Dynamically adapting a test workload to accelerate the identification of performance issues
US20170173784A1 (en) 2015-12-22 2017-06-22 Tata Consultancy Services Limited System and method for monitoring, deploying, and tracking autonomous software robots
US9703624B2 (en) 2015-10-12 2017-07-11 Bank Of America Corporation Event correlation and calculation engine
US9715675B2 (en) 2006-08-10 2017-07-25 Oracle International Corporation Event-driven customizable automated workflows for incident remediation
US9723485B2 (en) 2016-01-04 2017-08-01 Bank Of America Corporation System for authorizing access based on authentication via separate channel
US20170228119A1 (en) 2016-02-09 2017-08-10 Wipro Limited System and methods for creating on-demand robotic process automation
US20170269972A1 (en) 2016-03-17 2017-09-21 Wipro Limited Method and system for dynamically integrating bots
US20170270431A1 (en) 2016-03-21 2017-09-21 Wipro Limited Methods for creating automated dynamic workflows of interoperable bots and devices thereof
US9817967B1 (en) 2017-01-13 2017-11-14 Accenture Global Solutions Limited Integrated robotics and access management for target systems
US20170364355A1 (en) 2016-06-15 2017-12-21 Phoenix Contact Gmbh & Co. Kg Data organization procedure and development environment system
US9923908B2 (en) 2015-04-29 2018-03-20 International Business Machines Corporation Data protection in a networked computing environment
US20180160309A1 (en) 2010-11-29 2018-06-07 Biocatch Ltd. Method, device, and system of differentiating between a cyber-attacker and a legitimate user
US20180197123A1 (en) 2017-01-09 2018-07-12 Sutherland Global Services Inc. Robotics process automation platform
US20180285839A1 (en) 2017-04-04 2018-10-04 Datient, Inc. Providing data provenance, permissioning, compliance, and access control for data storage systems using an immutable ledger overlay network
US10110629B1 (en) 2016-03-24 2018-10-23 Amazon Technologies, Inc. Managed honeypot intrusion detection system
US20180329399A1 (en) 2017-05-11 2018-11-15 Global Eprocure Robotic process automation for supply chain management operations
US20190004932A1 (en) 2017-06-30 2019-01-03 Infinera Corporation Unit test and automation framework (utaf) system and method
US20190089740A1 (en) * 2017-09-18 2019-03-21 Fortinet, Inc. Automated auditing of network security policies
US20190102676A1 (en) 2017-09-11 2019-04-04 Sas Institute Inc. Methods and systems for reinforcement learning
US20190124114A1 (en) 2017-10-25 2019-04-25 Bank Of America Corporation Network security system with cognitive engine for dynamic automation
US20190155225A1 (en) 2017-11-21 2019-05-23 Accenture Global Solutions Limited Bot management framework for robotic process automation systems
US20190163916A1 (en) 2017-11-30 2019-05-30 Bank Of America Corporation Data integration system for triggering analysis of connection oscillations
US20190182289A1 (en) 2015-07-11 2019-06-13 RiskRecon Inc. Systems and Methods for Monitoring Information Security Effectiveness

Patent Citations (129)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5907709A (en) 1996-02-08 1999-05-25 Inprise Corporation Development system with methods for detecting invalid use and management of resources and memory at runtime
US7174563B1 (en) * 1997-12-08 2007-02-06 Entrust, Limited Computer network security system and method having unilateral enforceable security policy provision
US8955743B1 (en) 1998-04-17 2015-02-17 Diebold Self-Service Systems Division Of Diebold, Incorporated Automated banking machine with remote user assistance
US6738908B1 (en) * 1999-05-06 2004-05-18 Watchguard Technologies, Inc. Generalized network security policy templates for implementing similar network security policies across multiple networks
US7685067B1 (en) 1999-05-14 2010-03-23 Amazon.Com, Inc. Computer-assisted funds transfer system
US20040168173A1 (en) 1999-11-15 2004-08-26 Sandia National Labs Method and apparatus providing deception and/or altered execution of logic in an information system
US6829585B1 (en) 2000-07-06 2004-12-07 General Electric Company Web-based method and system for indicating expert availability
US20110131644A1 (en) * 2000-08-25 2011-06-02 Keanini Timothy D Network security system having a device profiler communicatively coupled to a traffic monitor
US6826698B1 (en) 2000-09-15 2004-11-30 Networks Associates Technology, Inc. System, method and computer program product for rule based network security policies
US7861252B2 (en) 2001-03-21 2010-12-28 Andrzej Uszok Intelligent software agent system architecture
US20020184528A1 (en) * 2001-04-12 2002-12-05 Shevenell Michael P. Method and apparatus for security management via vicarious network devices
US20030046583A1 (en) * 2001-08-30 2003-03-06 Honeywell International Inc. Automated configuration of security software suites
US7120647B2 (en) 2001-10-30 2006-10-10 General Electric Company Web-based method and system for providing expert information on selected matters
US7607066B2 (en) 2002-06-26 2009-10-20 Microsoft Corporation Auto suggestion of coding error correction
US20040030931A1 (en) 2002-08-12 2004-02-12 Chamandy Alexander G. System and method for providing enhanced network security
US20050076237A1 (en) 2002-10-03 2005-04-07 Sandia National Labs Method and apparatus providing deception and/or altered operation in an information system operating system
US20150213369A1 (en) 2002-10-21 2015-07-30 Rockwell Automation Technologies, Inc. System and methodology providing automation security analysis and network intrusion protection in an industrial environment
US9412073B2 (en) 2002-10-21 2016-08-09 Rockwell Automation Technologies, Inc. System and methodology providing automation security analysis and network intrusion protection in an industrial environment
US7383578B2 (en) 2002-12-31 2008-06-03 International Business Machines Corporation Method and system for morphing honeypot
US20050166072A1 (en) 2002-12-31 2005-07-28 Converse Vikki K. Method and system for wireless morphing honeypot
US20050044418A1 (en) * 2003-07-25 2005-02-24 Gary Miliefsky Proactive network security system to protect against hackers
US7260844B1 (en) * 2003-09-03 2007-08-21 Arcsight, Inc. Threat detection in a network security system
US8397282B2 (en) 2004-03-10 2013-03-12 Rpx Corporation Dynamically adaptive network firewalls and method, system and computer program product implementing same
US7431202B1 (en) 2004-03-17 2008-10-07 Clifford Anthony Meador System and method to monitor credit card transactions
US7680809B2 (en) 2004-03-31 2010-03-16 Google Inc. Profile based capture component
US20060048218A1 (en) 2004-09-02 2006-03-02 International Business Machines Corporation System and method for on-demand dynamic control of security policies/rules by a client computing device
US20060090136A1 (en) * 2004-10-01 2006-04-27 Microsoft Corporation Methods and apparatus for implementing a virtualized computer system
US8700414B2 (en) 2004-12-29 2014-04-15 Sap Ag System supported optimization of event resolution
US20060191010A1 (en) * 2005-02-18 2006-08-24 Pace University System for intrusion detection and vulnerability assessment in a computer network using simulation and machine learning
US7626938B1 (en) 2005-03-31 2009-12-01 Marvell Israel (M.I.S.L) Ltd. Local area network switch using control plane packet mirroring to support multiple network traffic analysis devices
US8065719B2 (en) 2005-04-08 2011-11-22 At&T Intellectual Property Ii, L.P. Method and apparatus for reducing firewall rules
US7426654B2 (en) 2005-04-14 2008-09-16 Verizon Business Global Llc Method and system for providing customer controlled notifications in a managed network services system
US7937624B2 (en) 2005-04-18 2011-05-03 Research In Motion Limited Method for handling a detected error in a script-based application
US8572733B1 (en) 2005-07-06 2013-10-29 Raytheon Company System and method for active data collection in a network security system
US7882394B2 (en) 2005-07-11 2011-02-01 Brooks Automation, Inc. Intelligent condition-monitoring and fault diagnostic system for predictive maintenance
US20070016945A1 (en) 2005-07-15 2007-01-18 Microsoft Corporation Automatically generating rules for connection security
US7966654B2 (en) 2005-11-22 2011-06-21 Fortinet, Inc. Computerized system and method for policy-based content filtering
US20070143847A1 (en) 2005-12-16 2007-06-21 Kraemer Jeffrey A Methods and apparatus providing automatic signature generation and enforcement
US9183106B2 (en) 2006-01-13 2015-11-10 Dell Products L.P. System and method for the automated generation of events within a server environment
US8849907B1 (en) 2006-03-31 2014-09-30 Rockstar Consortium Us Lp System and method for notifying participants of topics in an ongoing meeting or conference
US9024993B2 (en) 2006-03-31 2015-05-05 Rpx Clearinghouse Llc System and method for automatically managing participation at a meeting or conference
US7966659B1 (en) 2006-04-18 2011-06-21 Rockwell Automation Technologies, Inc. Distributed learn mode for configuring a firewall, security authority, intrusion detection/prevention devices, and the like
US9356957B2 (en) 2006-05-31 2016-05-31 The Trustees Of Columbia University In The City Of New York Systems, methods, and media for generating bait information for trap-based defenses
US8819825B2 (en) 2006-05-31 2014-08-26 The Trustees Of Columbia University In The City Of New York Systems, methods, and media for generating bait information for trap-based defenses
US8407670B2 (en) 2006-06-02 2013-03-26 Microsoft Corporation Collaborative code conflict detection, notification and resolution
US7966655B2 (en) 2006-06-30 2011-06-21 At&T Intellectual Property Ii, L.P. Method and apparatus for optimizing a firewall
US9715675B2 (en) 2006-08-10 2017-07-25 Oracle International Corporation Event-driven customizable automated workflows for incident remediation
US7752554B2 (en) 2006-10-05 2010-07-06 Microsoft Corporation Bot identification and control
US9530129B2 (en) 2006-10-25 2016-12-27 Payfont Limited Secure authentication and payment system
US8099774B2 (en) 2006-10-30 2012-01-17 Microsoft Corporation Dynamic updating of firewall parameters
US7954143B2 (en) 2006-11-13 2011-05-31 At&T Intellectual Property I, Lp Methods, network services, and computer program products for dynamically assigning users to firewall policy groups
US8239674B2 (en) 2006-11-21 2012-08-07 Kabushiki Kaisha Toshiba System and method of protecting files from unauthorized modification or deletion
US20080168425A1 (en) 2007-01-05 2008-07-10 Microsoft Corporation Software testing techniques for stack-based environments
US8082471B2 (en) 2007-05-11 2011-12-20 Microsoft Corporation Self healing software
US7973508B2 (en) 2007-12-10 2011-07-05 XyZ Automation Inc. Automation systems diagnostics and predictive failure detection
US8418240B2 (en) 2007-12-26 2013-04-09 Algorithmic Security (Israel) Ltd. Reordering a firewall rule base according to usage statistics
US8508336B2 (en) 2008-02-14 2013-08-13 Proxense, Llc Proximity-based healthcare management system with automatic access to private information
US8285652B2 (en) 2008-05-08 2012-10-09 Microsoft Corporation Virtual robot integration with search
US8285643B2 (en) 2008-06-12 2012-10-09 Monncello Enterprises, LLC System and method for processing gift cards
US8751559B2 (en) 2008-09-16 2014-06-10 Microsoft Corporation Balanced routing of questions to experts
US9195739B2 (en) 2009-02-20 2015-11-24 Microsoft Technology Licensing, Llc Identifying a discussion topic based on user interest information
US20100223327A1 (en) 2009-03-02 2010-09-02 Realnetworks, Inc. Re-headerer system and method
US9105143B1 (en) 2009-03-30 2015-08-11 Bank Of America Corporation Persistent authentication
US8745698B1 (en) 2009-06-09 2014-06-03 Bank Of America Corporation Dynamic authentication engine
US8515958B2 (en) 2009-07-28 2013-08-20 Fti Consulting, Inc. System and method for providing a classification suggestion for concepts
US8171406B1 (en) 2009-08-19 2012-05-01 Symantec Corporation Automating user interface navigation
US8448139B2 (en) 2009-10-05 2013-05-21 International Business Machines Corporation Automatic correction of application based on runtime behavior
US9280406B2 (en) 2009-10-05 2016-03-08 International Business Machines Corporation Automatic correction of application based on runtime behavior
US8549643B1 (en) 2010-04-02 2013-10-01 Symantec Corporation Using decoys by a data loss prevention system to protect against unscripted activity
US20180160309A1 (en) 2010-11-29 2018-06-07 Biocatch Ltd. Method, device, and system of differentiating between a cyber-attacker and a legitimate user
US8588767B2 (en) 2011-03-31 2013-11-19 Fujitsu Limited Mobile terminal device, self-diagnosis method and non-transitory, computer readable storage medium
US9383973B2 (en) 2011-06-29 2016-07-05 Microsoft Technology Licensing, Llc Code suggestions
US8793578B2 (en) 2011-07-11 2014-07-29 International Business Machines Corporation Automating execution of arbitrary graphical interface applications
US8566169B2 (en) 2011-07-15 2013-10-22 Bank Of America Corporation Virtual gift card
US9600456B2 (en) 2011-08-30 2017-03-21 Hewlett-Packard Development Company, L.P. Automatically performing a web service operation
US20130227697A1 (en) * 2012-02-29 2013-08-29 Shay ZANDANI System and method for cyber attacks analysis and decision support
US9356942B1 (en) 2012-03-05 2016-05-31 Neustar, Inc. Method and system for detecting network compromise
US9674222B1 (en) 2012-03-05 2017-06-06 Neustar, Inc. Method and system for detecting network compromise
US9451056B2 (en) 2012-06-29 2016-09-20 Avaya Inc. Method for mapping packets to network virtualization instances
US9378064B2 (en) 2012-11-15 2016-06-28 Bank Of America Corporation Orchestration management of information technology
US8935673B1 (en) 2012-11-30 2015-01-13 Cadence Design Systems, Inc. System and method for debugging computer program based on execution history
US9632771B2 (en) 2012-12-13 2017-04-25 Microsoft Technology Licensing, Llc Association of metadata with source code and applications and services premised thereon
US8976697B2 (en) 2012-12-17 2015-03-10 Broadcom Corporation Network status mapping
US20140181968A1 (en) 2012-12-20 2014-06-26 At&T Intellectual Property I, L.P. Monitoring Operational Activities In Networks And Detecting Potential Network Intrusions And Misuses
US9201646B2 (en) 2013-01-05 2015-12-01 Vmware, Inc. Automatic code review and code reviewer recommendation
US9021419B2 (en) 2013-02-15 2015-04-28 Oracle International Corporation System and method for supporting intelligent design pattern automation
US20160006755A1 (en) * 2013-02-22 2016-01-07 Adaptive Mobile Security Limited Dynamic Traffic Steering System and Method in a Network
US20140359708A1 (en) 2013-06-01 2014-12-04 General Electric Company Honeyport active network security
US9088543B2 (en) 2013-06-03 2015-07-21 International Business Machines Corporation Coordinated network security management
US9660959B2 (en) 2013-07-31 2017-05-23 International Business Machines Corporation Network traffic analysis to enhance rule-based network security
US9471474B2 (en) 2013-08-19 2016-10-18 Microsoft Technology Licensing, Llc Cloud deployment infrastructure validation engine
US9215213B2 (en) 2014-02-20 2015-12-15 Nicira, Inc. Method and apparatus for distributing firewall rules
US9216509B2 (en) 2014-04-10 2015-12-22 Smartvue Corporation Systems and methods for automated cloud-based analytics for security and/or surveillance
US9667596B2 (en) 2014-06-04 2017-05-30 Bank Of America Corporation Firewall policy comparison
US9135615B1 (en) 2014-08-18 2015-09-15 Aurus, Inc. Systems and methods for processing payment transactions at fuel dispensing stations
US20160048502A1 (en) 2014-08-18 2016-02-18 Wells Fargo Bank, N.A. Sentiment Management System
US20160134653A1 (en) * 2014-11-11 2016-05-12 Goldman, Sachs & Co. Synthetic Cyber-Risk Model For Vulnerability Determination
US9311632B1 (en) 2015-03-03 2016-04-12 Bank Of America Corporation Proximity-based notification of a previously abandoned and pre-queued ATM transaction
US10187337B2 (en) 2015-03-25 2019-01-22 Pypestream Inc. Systems and methods for invoking chatbots in a channel based communication system
US9647968B2 (en) 2015-03-25 2017-05-09 Pypestream Inc Systems and methods for invoking chatbots in a channel based communication system
US9450901B1 (en) 2015-03-25 2016-09-20 Pypestream Inc. Channel based communication and transaction system
US9626721B2 (en) 2015-03-31 2017-04-18 Paypal, Inc. Wireless beacon connections for providing digital letters of credit on detection of a user at a location
US9686186B2 (en) 2015-04-22 2017-06-20 Cisco Technology, Inc. Traffic flow identifiers resistant to traffic analysis
US9923908B2 (en) 2015-04-29 2018-03-20 International Business Machines Corporation Data protection in a networked computing environment
US9462013B1 (en) 2015-04-29 2016-10-04 International Business Machines Corporation Managing security breaches in a networked computing environment
US20160335016A1 (en) 2015-05-13 2016-11-17 Bank Of America Corporation Securing physical-storage-media data transfers
US9665467B2 (en) 2015-06-30 2017-05-30 International Business Machines Corporation Error and solution tracking in a software development environment
US9555544B2 (en) 2015-07-02 2017-01-31 Accenture Global Solutions Limited Robotic process automation
US20190182289A1 (en) 2015-07-11 2019-06-13 RiskRecon Inc. Systems and Methods for Monitoring Information Security Effectiveness
US9641544B1 (en) * 2015-09-18 2017-05-02 Palo Alto Networks, Inc. Automated insider threat prevention
US9703624B2 (en) 2015-10-12 2017-07-11 Bank Of America Corporation Event correlation and calculation engine
US20170177416A1 (en) 2015-12-21 2017-06-22 International Business Machines Corporation Dynamically adapting a test workload to accelerate the identification of performance issues
US20170173784A1 (en) 2015-12-22 2017-06-22 Tata Consultancy Services Limited System and method for monitoring, deploying, and tracking autonomous software robots
US9723485B2 (en) 2016-01-04 2017-08-01 Bank Of America Corporation System for authorizing access based on authentication via separate channel
US20170228119A1 (en) 2016-02-09 2017-08-10 Wipro Limited System and methods for creating on-demand robotic process automation
US20170269972A1 (en) 2016-03-17 2017-09-21 Wipro Limited Method and system for dynamically integrating bots
US20170270431A1 (en) 2016-03-21 2017-09-21 Wipro Limited Methods for creating automated dynamic workflows of interoperable bots and devices thereof
US10110629B1 (en) 2016-03-24 2018-10-23 Amazon Technologies, Inc. Managed honeypot intrusion detection system
US20170364355A1 (en) 2016-06-15 2017-12-21 Phoenix Contact Gmbh & Co. Kg Data organization procedure and development environment system
US20180197123A1 (en) 2017-01-09 2018-07-12 Sutherland Global Services Inc. Robotics process automation platform
US9817967B1 (en) 2017-01-13 2017-11-14 Accenture Global Solutions Limited Integrated robotics and access management for target systems
US20180285839A1 (en) 2017-04-04 2018-10-04 Datient, Inc. Providing data provenance, permissioning, compliance, and access control for data storage systems using an immutable ledger overlay network
US20180329399A1 (en) 2017-05-11 2018-11-15 Global Eprocure Robotic process automation for supply chain management operations
US20190004932A1 (en) 2017-06-30 2019-01-03 Infinera Corporation Unit test and automation framework (utaf) system and method
US20190102676A1 (en) 2017-09-11 2019-04-04 Sas Institute Inc. Methods and systems for reinforcement learning
US20190089740A1 (en) * 2017-09-18 2019-03-21 Fortinet, Inc. Automated auditing of network security policies
US20190124114A1 (en) 2017-10-25 2019-04-25 Bank Of America Corporation Network security system with cognitive engine for dynamic automation
US20190155225A1 (en) 2017-11-21 2019-05-23 Accenture Global Solutions Limited Bot management framework for robotic process automation systems
US20190163916A1 (en) 2017-11-30 2019-05-30 Bank Of America Corporation Data integration system for triggering analysis of connection oscillations

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
J. Burns et al., Automatic Management of Network Security Policy, Aug. 7, 2002, IEEE, pp. 12-26. (Year: 2002). *
Kyoungho An, Resource Management and Fault Tolerance Principles for Supporting Distributed Real-time and Embedded Systems in the Cloud, Dec. 3, 2012, ACM, pp. 1-6. (Year: 2012). *
Lee Breslau et al., Advances in Network Simulation, IEEE, vol. 33 , Issue: 5 , May 2000, pp. 59-67. (Year: 2000). *
Shankar Mahadevan et al., A Network Traffic Generator Model for Fast Network-on-Chip Simulation, Mar. 7-11, 2005, ACM, vol. 2, pp. 780-785. (Year: 2005). *

Also Published As

Publication number Publication date
US20190124114A1 (en) 2019-04-25
US20200169585A1 (en) 2020-05-28

Similar Documents

Publication Publication Date Title
US10356044B2 (en) Security information and event management
US9916440B1 (en) Detection efficacy of virtual machine-based analysis with application specific events
US10574685B2 (en) Synthetic cyber-risk model for vulnerability determination
EP3179696B1 (en) Connected security system
US9832213B2 (en) System and method for network intrusion detection of covert channels based on off-line network traffic
EP3128459B1 (en) System and method of utilizing a dedicated computer security service
Vellaithurai et al. CPIndex: Cyber-physical vulnerability assessment for power-grid infrastructures
US10686809B2 (en) Data protection in a networked computing environment
US9258321B2 (en) Automated internet threat detection and mitigation system and associated methods
US10021127B2 (en) Threat indicator analytics system
EP3528459A1 (en) A cyber security appliance for an operational technology network
Nazir et al. Assessing and augmenting SCADA cyber security: A survey of techniques
Lee et al. German steel mill cyber attack
ES2755780T3 (en) Automated behavior and static analysis using an instrumented sandbox and machine learning classification for mobile security
Ahmed et al. Scada systems: Challenges for forensic investigators
JP6410588B2 (en) System and method for incubating malware within a virtual organization
US9129108B2 (en) Systems, methods and computer programs providing impact mitigation of cyber-security failures
US20170324766A1 (en) Selection of countermeasures against cyber attacks
US9104864B2 (en) Threat detection through the accumulated detection of threat characteristics
US9954884B2 (en) Method and device for simulating network resiliance against attacks
US9467466B2 (en) Certification of correct behavior of cloud services using shadow rank
US9661003B2 (en) System and method for forensic cyber adversary profiling, attribution and attack identification
US10313389B2 (en) Computer asset vulnerabilities
US9306962B1 (en) Systems and methods for classifying malicious network events
US10237296B2 (en) Automated penetration testing device, method and system

Legal Events

Date Code Title Description
AS Assignment

Owner name: BANK OF AMERICA CORPORATION, NORTH CAROLINA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:PURUSHOTHAMAN, SASIDHAR;REEL/FRAME:043949/0934

Effective date: 20171009

FEPP Fee payment procedure

Free format text: ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

STPP Information on status: patent application and granting procedure in general

Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION

STPP Information on status: patent application and granting procedure in general

Free format text: NON FINAL ACTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER

STPP Information on status: patent application and granting procedure in general

Free format text: NOTICE OF ALLOWANCE MAILED -- APPLICATION RECEIVED IN OFFICE OF PUBLICATIONS

STPP Information on status: patent application and granting procedure in general

Free format text: PUBLICATIONS -- ISSUE FEE PAYMENT RECEIVED

STPP Information on status: patent application and granting procedure in general

Free format text: PUBLICATIONS -- ISSUE FEE PAYMENT VERIFIED

STCF Information on status: patent grant

Free format text: PATENTED CASE